A personnel file is the collection of all relevant documents relating to an employment relationship – from the employment contract and payslips to performance reviews and formal warnings. There is no statutory obligation to maintain a personnel file, but there are clear rules about what it must contain, what is prohibited, and what rights employees have – governed by §83 BetrVG (Works Constitution Act), §26 BDSG (Federal Data Protection Act), and the GDPR.
What Is a Personnel File?
A personnel file is the organised collection of all documents that record the employment relationship between employer and employee. It accompanies employees from their first day of hire through to the end of the employment relationship – and beyond, until the applicable statutory retention periods have expired.
Although there is no legal obligation to maintain a personnel file, it is indispensable in practice for both organisational and legal reasons. It serves as evidence in employment disputes, as the basis for payroll and social security reporting, and as a foundation for HR decisions.
A personnel file may be kept in paper form or digitally. Both formats are subject to the same legal requirements – in particular data protection law.
What Belongs in a Personnel File?
Typical Contents
Although there is no statutory template for the structure of a personnel file, certain components have become standard practice:
- Application documents: CV, certificates, qualifications (where relevant to the employment relationship)
- Contractual documents: Employment contract, contract amendments, side agreements
- Payroll documents: Pay slips, salary change agreements
- Master data: Name, address, bank details, tax ID, social security number
- References and appraisals: Employment references, performance reviews
- Formal warnings (Abmahnungen): Written warnings including proof of delivery
- Sickness and leave records: Holiday requests and approvals, certificates of incapacity (duration only, not diagnosis)
- Training records: Certificates of attendance, qualification documents
- Termination documents: Notice of termination, termination agreement, leaving certificate
The governing principle is the purpose limitation principle under GDPR Art. 5: only documents with a direct connection to the employment relationship and necessary for its performance may be included in the personnel file.
What Must Not Be Included
Certain information is expressly prohibited in a personnel file – either because it violates anti-discrimination law (AGG – General Equal Treatment Act) or because it is not required under data protection law:
- Religious affiliation, political views, trade union membership (unless relevant for tax purposes)
- Medical diagnoses – only the duration of incapacity may be documented, not the illness itself
- Information about pregnancy (as a general rule)
- Private information without a work-related context (e.g. marital status, hobbies, personal views)
- Internal employer notes that have not been disclosed to the employee
Violations of these rules can result in fines under the GDPR and employment law consequences.
Legal Framework
Right of Inspection under §83 BetrVG
Under §83 of the Works Constitution Act (BetrVG), employees have the right to inspect their full personnel file at any time. This right is not limited to specific circumstances – employees may exercise it at any time and without giving reasons.
Importantly, employees may bring a works council member along when inspecting their file. However, this requires the employee's explicit consent – the works council has no independent right of access without that consent.
Under §83 Para. 2 BetrVG, employees also have the right to file a written rebuttal: anyone who disagrees with an entry in their personnel file may have a written statement appended. This statement must remain in the file permanently.
Data Protection: §26 BDSG and the GDPR
The data protection requirements for personnel files are governed by §26 BDSG (Federal Data Protection Act) and the GDPR.
§26 BDSG permits the processing of personal data in the employment context insofar as this is necessary for establishing, performing, or terminating the employment relationship. What is not necessary may not be processed – and therefore may not be stored in the personnel file either.
Employees may at any time request information about all personal data stored about them under GDPR Art. 15. Under GDPR Art. 17, there is a right to erasure once the purpose of the data storage no longer exists.
Removal of Entries from the Personnel File
Formal warnings (Abmahnungen) do not have to remain in the personnel file permanently. According to the consistent case law of the Federal Labour Court (Bundesarbeitsgericht, BAG), warnings may be removed once they are so far in the past that there is no longer a risk of repetition and the matter has no further legal relevance. In practice, warnings are often removed after three to five years – although there is no statutory deadline for this.
In the case of incorrect or inaccurate entries, employees have the right under §83 Para. 2 BetrVG to request their removal.
Retention Periods for Personnel Files
There is no single statutory retention period for the personnel file as a whole. Retention periods depend on the type of document:
After the employment relationship ends, documents must be deleted once their respective retention period has expired. Tax-relevant documents such as payslips must be retained for ten years – after which there is a full obligation to delete them under GDPR Art. 17.
The Digital Personnel File
More and more organisations are moving from paper-based files to digital personnel files (also referred to as electronic personnel files). The benefits are clear: faster access, centralised storage, easier rights management, and reduced administrative effort.
Benefits of the Electronic Personnel File
- Efficiency: Documents can be accessed quickly, regardless of location
- Access rights: Precise control over who may view which documents
- Data security: Encryption and access restrictions reduce the risk of unauthorised access
- Completeness: Automated reminders for missing documents are possible
- Audit trail: Changes are logged and traceable
GDPR Requirements for Digital Personnel Files
Digitising a personnel file does not exempt organisations from their data protection obligations – quite the contrary: the same requirements apply as for paper files, supplemented by specific technical requirements under GDPR Art. 32:
- Access authorisation: Only authorised individuals may access the file
- Technical and organisational measures (TOMs): Encryption, password protection, regular backups
- Audit trail integrity: Documents must not be modified without a traceable record
- Data Protection Impact Assessment (DPIA): May be required depending on the scope of data processed (GDPR Art. 35)
When selecting HR software for a digital personnel file, organisations should ensure GDPR-compliant data processing and, ideally, server locations within the EU.
Frequently Asked Questions About Personnel Files
What must be included in a personnel file?
There is no statutory checklist, but typical contents include application documents, the employment contract, payslips, performance reviews, and employment references. The key principle is that only documents with a direct connection to the employment relationship may be included (purpose limitation principle under GDPR Art. 5).
What must not be included in a personnel file?
Prohibited are any items that are not necessary for the employment relationship or that violate anti-discrimination rules: religious and political views, trade union membership, medical diagnoses (only the duration of incapacity is permitted), private information without a work-related context, and internal employer notes not disclosed to the employee.
Who may access a personnel file?
Employees have the right to inspect their own file at any time under §83 BetrVG. Line managers and HR may access the file within the scope of their responsibilities. The works council may only access the file with the employee's explicit consent. Third parties have no right of access as a general rule.
How long must a personnel file be retained?
There is no single retention period. Pay slips: 10 years (Tax Code). Social security documents: 4–5 years. Employment contracts and employment law-relevant documents: generally 3 years after termination (statutory limitation period under §195 BGB). After that, there is an obligation to delete under GDPR Art. 17.
What happens to the personnel file after termination?
After the employment relationship ends, documents must be deleted progressively – according to the respective retention period for each document type. Tax-relevant documents must be retained for 10 years. There is no automatic right for former employees to receive the entire file. However, upon request, former employees are entitled to information about any personal data still stored (GDPR Art. 15).
Am I required as an employer to maintain a personnel file?
There is no statutory obligation to maintain a personnel file. However, there is an obligation to retain certain documents – in particular payroll records and social security evidence. For organisational and liability reasons, maintaining a personnel file is strongly recommended in any case.
Can I have incorrect entries removed from my personnel file?
Yes. Under §83 Para. 2 BetrVG, employees have the right to respond to entries in their personnel file with a written rebuttal. Incorrect entries can be requested for removal. Formal warnings may be removed, according to BAG case law, after a reasonable period of time – in practice, often after three to five years.
What should be specifically considered with a digital personnel file?
The same data protection obligations as for a paper file apply in digital form. In addition, technical and organisational measures (TOMs) must be implemented under GDPR Art. 32: access authorisation, encryption, audit trail integrity and, if applicable, a Data Protection Impact Assessment. A review of the chosen HR software's GDPR compliance is advisable before implementation.
Conclusion
The personnel file is a central instrument of HR administration. Although there is no legal obligation to maintain one, it is indispensable in practice – as legal documentation, as a basis for payroll, and as evidence in disputes.
What matters most is that the personnel file is managed in compliance with data protection law: only documents with a direct employment-related purpose may be included. Employees have the right to inspect their file and submit a rebuttal at any time. Retention periods vary by document type and must be consistently observed.
The move to a digital personnel file offers significant efficiency gains – but requires careful implementation of GDPR requirements, particularly regarding access rights and audit trail integrity. Anyone planning the transition should plan for technical measures, rights management, and a potential Data Protection Impact Assessment early in the process.
Further information on modern HR processes can be found in the glossary articles on Internal Recruitment and Onboarding.
Sources
- §83 BetrVG – Right to Inspect Personnel Files. Federal Ministry of Justice, Germany, 2024. https://www.gesetze-im-internet.de/betrvg/__83.html
- §26 BDSG – Data Processing for Employment Purposes. Federal Ministry of Justice, Germany, 2018. https://www.gesetze-im-internet.de/bdsg_2018/__26.html
- GDPR Art. 17 – Right to Erasure ("Right to be Forgotten"). European Parliament / European Commission, 2018. https://gdpr-info.eu/art-17-gdpr/
- GDPR Art. 5 – Principles Relating to the Processing of Personal Data. European Parliament / European Commission, 2018. https://gdpr-info.eu/art-5-gdpr/
- DGFP Guide: Digital Personnel Files. German Society for Human Resources Management (DGFP e.V.), 2022. https://www.dgfp.de
- Bitkom Study: Digitalisation in HR Departments. Bitkom e.V., 2023. https://www.bitkom.org
Make a better pre-selection — even before the first interview
In just a few minutes, Aivy shows you which candidates really fit the role. Beyond resumes based on strengths.
